babel-2.5.1-7.el8

Errata ID: AXSA:2021-2647:01

Release date: Sunday, December 12, 2021 - 06:36
Subject: babel-2.5.1-7.el8
Affected Channels: Asianux Server 8 for x86_64
Severity: High
Description: 

Babel provides tools to build and work with gettext message catalogs, and a
Python interface to the CLDR (Common Locale Data Repository), providing access
to various locale display names, localized number and date formatting, etc.

Security Fix(es):

* python-babel: Relative path traversal allows attacker to load arbitrary
locale files and execute arbitrary code (CVE-2021-20095, CVE-2021-42771)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE-2021-20095
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This
candidate was withdrawn by its CNA. Notes: none.
CVE-2021-42771
Babel.Locale in Babel before 2.9.1 allows attackers to load arbitrary locale
.dat files (containing serialized Python objects) via directory traversal,
leading to code execution.
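
The CVE-2021-42771 description above turns on a locale identifier being joined into a file path without checks. The following is an added example, not code from Babel or from this advisory: it shows how an unchecked join resolves outside the data directory and one way to validate the identifier first. The function names, the identifier pattern and the sample identifiers are assumptions made for illustration.

```python
import os
import re
import tempfile

# Conservative identifier shape ("en", "en_US", "zh_Hans_CN"); an assumption
# of this example, not Babel's own grammar.
_LOCALE_ID = re.compile(r"[A-Za-z]{2,3}(?:[_-][A-Za-z0-9]{2,8})*")


def naive_locale_path(data_dir, identifier):
    """Unchecked lookup: the identifier goes straight into the path."""
    return os.path.join(data_dir, identifier + ".dat")


def escapes(data_dir, path):
    """True if path resolves to a location outside data_dir."""
    root = os.path.realpath(data_dir)
    return os.path.commonpath([root, os.path.realpath(path)]) != root


def safe_locale_path(data_dir, identifier):
    """Return the resolved .dat path for identifier, or raise ValueError."""
    # fullmatch, so a trailing newline or separator cannot slip past the check.
    if not _LOCALE_ID.fullmatch(identifier):
        raise ValueError("rejected locale identifier: %r" % identifier)
    candidate = naive_locale_path(data_dir, identifier)
    # Defence in depth: after resolving symlinks the file must still sit
    # under the data directory.
    if escapes(data_dir, candidate):
        raise ValueError("locale file escapes data directory: %r" % identifier)
    return os.path.realpath(candidate)


def demo():
    """Map each constructed identifier to (naive path escapes, safe accepts)."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        data_dir = os.path.join(tmp, "locale-data")
        os.mkdir(data_dir)
        for ident in ["en_US", "../uploads/x", "en_US/../../x"]:  # constructed
            try:
                safe_locale_path(data_dir, ident)
                accepted = True
            except ValueError:
                accepted = False
            naive = naive_locale_path(data_dir, ident)
            results[ident] = (escapes(data_dir, naive), accepted)
    return results
```

Validation of this kind belongs in application code that passes request-derived locale strings to a library; it complements, and does not replace, installing the updated package.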

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. babel-2.5.1-7.el8.src.rpm
    MD5: 828afdf648d003c21de1f2ecdd2f7ef2
    SHA-256: 05bc65ba47840974a0c64a8ce9c1e87af9283b66fa38f4e365e0995b3836323b
    Size: 6.33 MB

Asianux Server 8 for x86_64
  1. python3-babel-2.5.1-7.el8.noarch.rpm
    MD5: 9ec9701359690279c326e5e2591f41a4
    SHA-256: 9e1cd47f9e14cd67eb3001de0bdb019c860145d2db1bc5a0696a44ea58f54e29
    Size: 4.78 MB